Security Watch

Keeping Track of patches and hacks in the IT security world.

Blue Hat: Token Kidnapping, Browser Security on Front Burner

Blue Hat: Token Kidnapping, Browser Security on Front Burner

Software engineers at Microsoft will get a front-row seat to hear about an unpatched Windows security hole that was once pooh-poohed as a "design issue" that shouldn't be seen as a security vulnerability.

At the Spring edition of Redmond's Blue Hat hacker conference, the software giant has invited Argeniss researcher Cesar Cerrudo to present his discovery of a new technique for elevating privileges on Windows, mostly from services.

The technique exploits design weaknesses in Microsoft Windows XP, Windows Server 2003, Windows Vista, and even Windows Server 2008.

Cerrudo, a well-respected hacker who is known for discovering major bugs in Oracle, IBM and Microsoft products, presented the Token Kidnapping (.pdf) talk at the Hack in the Box conference in Dubai earlier this month.

[ SEE: Microsoft (Belatedly) Admits to Windows Server 2008 Token Kidnapping ]

Immediately after that presentation, Microsoft released a pre-patch advisory with the following warning:

"Specially crafted code running in the context of the NetworkService or LocalService accounts may gain access to resources in processes that are also running as NetworkService or LocalService. Some of these processes may have the ability to elevate their privileges to LocalSystem, allowing any NetworkService or LocalService processes to elevate their privileges to LocalSystem as well."

At Blue Hat, Cerrudo will explain the intricacies of the attack and will provide zero-day code for elevating privileges in SQL Server 2005 and Internet Information Sevices 6 and 7, according to the Blue Hat session description posted online.

The security models of Web browsers, anti-virus software and browser plug-ins will also get top billing at Blue Hat. Also on the schedule is an update on Billy Rios and Nitesh Dhanjani's talk on the underground identity theft economy.